Making HubSpot Comply with HIPAA
Some sources advise that you can use HubSpot and be HIPAA compliant, as long as you aren’t collecting PHI. That is, once someone targeted by a marketing campaign becomes a patient, their information must be deleted from HubSpot and moved over to another CRM that is HIPAA compliant. Others advise that you can use a CRM extension to make the use of HubSpot with PHI HIPAA compliant, but the extension is essentially an external system.
Although both of these solutions may make the use of HubSpot HIPAA compliant, they are both complex and prone to user error. As such, it is our advice that instead of forcing HubSpot to be HIPAA compliant through these complex tasks, you should use a CRM that is inherently HIPAA compliant. This way you don’t need to worry about forgetting to delete PHI from your CRM or using an extension to make your CRM HIPAA compliant.
Is HubSpot HIPAA Compliant?
Is HubSpot HIPAA compliant? No, HubSpot is not HIPAA compliant. Even though HubSpot offers the security measures necessary to protect PHI, they clearly state on their website that they are not a HIPAA compliant solution. This is because they do not currently sign BAAs with their clients. It is therefore recommended that healthcare organizations choose a different CRM that is HIPAA compliant.